A command used to find and read objects from eDirectory or the application. Full functionality for Identity Manager rules, object migration, etc. depends on full implementation of the query command by the driver.
The base object of the <query> is specified by either by the dest-dn attribute or by an <association>. If both are present, the dest-dn attribute takes precedence when querying eDirectory, and the <association> takes precedence when querying a connected application (other than eDirectory). If neither are present, the base object defaults to the root object in a hierarchical namespace or all objects in a non-hierarchical namespace.
Possible scopes for the query are:
Element |
Description |
---|---|
entry |
The base object only. |
subordinates |
The objects contained by the base object. |
subtree |
The objects in the subtree whose root is the base object, including the base object. |
By default, all objects in the specified scope are selected. For scopes other than “entry,” selected objects can be further limited by <search-class> and <search-attr>. For scope “entry,” the effect of <search-attr> and <search-class> are undefined.
When there are <search-class> elements, only objects whose base class matches one of the <search-class> elements are selected.
When there are <search-attr> elements, only objects with attributes matching all of the values specified by all of the <search-attr> element is selected.
By default, all object attributes for the selected objects are to be read. The attributes to be read are limited by <read-attr>. To read none of the object attributes, specify a single nameless <read-attr>.
The <parent> of the selected objects is also read if <read-parent> is specified.
The <parent> of the selected objects is also read if <read-parent> is specified.
A response to <query> should include an <instance> for each of the selected objects.
A response to <query> should also include a <status> indicating whether or not the <query> is processed successfully. It should not be considered an error if no objects exist that match the search criteria.
<!-- search the whole application for a User object with the Surname ofJones --><!-- don't read any attributes but read the parent --><query class-name="User" event-id="0" scope="subtree"> <search-class class-name="User"/> <search-attr attr-name="Surname"> <value type="string">Jones</value> </search-attr> <read-attr/> <read-parent/></query><!-- read the User object whose foreign key is 1011 --><!-- read Surname,cn,Given Name and Telephone Number attributes --><query class-name="User" event-id="1" scope="entry"> <association>1011</association> <read-attr attr-name="Surname"/> <read-attr attr-name="cn"/> <read-attr attr-name="Given Name"/> <read-attr attr-name="Telephone Number"/></query>
( association ? , ( search-class | search-attr | read-attr | read-parent ) * , operation-data ? )